Testing a password for similarity to previous hashesI can perfectly agree with your point, personally I dislike all those basically awkward password policies... I just thought it worth mentioning that depending on your scenario a regular password change is no bad idea - do you actually always check your last unix login time? The IP address log may however be more helpful indeed, but still requires user attention...